Earlier this month, HM Treasury (HMT) issued a consultation on how the UK would transpose the Fifth Money Laundering Directive (MLD5) into national law, including what controls cryptoasset exchanges and custodian wallet providers will have to put in place.
The consultation also seeks views on the proposed approach to transposing MLD5 in light of the increasing money laundering and terrorist financing (ML/TF) risks associated with cryptoassets as well as areas where the UK may wish to go further than MLD5 to "protect consumers and markets from illicit activity".
MLD5, which must be transposed into national law by 10 January 2020, introduces for the first time requirements for cryptoasset exchanges and custodian wallet providers.
Among other things, firms offering cryptoasset exchange services (between fiat and cryptoassets) and custodian wallet services will have to carry out customer due diligence (CDD), assess their ML/TL risks and report suspicious activity.
They will also need to register with the relevant UK supervisor.
"The introduction of CDD obligations will ensure that firms verify the identity of their customers, and that law enforcement agencies will be able to use this information to identify the perpetrators of illicit activity," the consultation said.
Regulated firms will also have to apply CDD measures before establishing a business relationship (or before carrying out occasional transactions worth over €10,000, or when they suspect any ML/FT activity).
In addition, under the new Financial Action Task Force (FATF) recommendations, members now have to regulate cryptoassets and cryptoasset service providers.
These obligations go further than the MLD5 requirements, and will inform the UK’s approach to consulting on regulation in this space.
To gold-plate or not to gold-plate?
MLD5 is a "minimum harmonising piece of legislation" and because of the "risks associated with entities and activities not captured by MLD5 and the anticipated scope of FATF’s revised recommendations on regulating cryptoassets" the government is inclined to go beyond MLD5’s thresholds "to ensure the UK continues to meet evolving global standards and fully addresses risks".
The government is therefore considering either transposing the MLD5 provisions only or adding additional provisions to MLD5's minimum requirements.
MLD5 provisions only
In transposing MLD5, the government will have to select a supervisory body to ensure that firms have appropriate systems and controls in place to comply with their new obligations.
The consultation states that the Financial Conduct Authority’s (FCA) involvement in the Cryptoassets Taskforce, its recent perimeter guidance and experience in regulating asset-based service providers qualify it for this responsibility.
The government has therefore asked the FCA to supervise cryptoasset exchanges and custodian wallet providers in fulfilling their anti-money laundering/combating terrorism financing (AML/CTF) obligations as well as be the registering authority for cryptoasset firms.
The government is seeking views on this decision before confirming the supervisor.
Additional regulatory provisions when transposing MLD5
According to government intelligence reports, illicit activity is being carried out at various points of cryptoasset exchange, and the government is keen to address these risks through AML/CTF regulation.
The government is therefore seeking views on the ML/TF risks in relation to various activities outlined below as well as the approach to bringing providers within the scope of the regulations (in addition to MLD5 provisions):
- crypto-to-crypto and peer-to-peer exchange service providers;
- Cryptoasset Automated Teller Machines (physical kiosks that allow users to exchange cryptoassets and fiat currencies);
- issuance of new cryptoassets, e.g. through initial coin offerings; and
- the publication of open-source software (including non-custodian wallet software and other types of cryptoasset-related software).
Cross-border risks and other issuers
HMT also seeks views on the cross-border risks (and potential regulatory solutions) posed by cryptoassets and associated service providers.
Firms based outside the UK would theoretically avoid UK regulatory standards and would not have to conduct CDD checks.
It also means that being based outside the UK offers benefits for firms, which is at odds with the UK’s ambition to maintain its reputation as a transparent and safe place with high regulatory standards for financial services.
The consultation states that the government "recognise[s] the challenges both in terms of practicalities and effectiveness of any approach seeking to address these cross-border risks" and welcomes views on these issues.
The consultation also seeks opinions on further issues:
- The costs for cryptoasset service providers to implement the new requirements, for example carrying out CDD checks, training costs for staff, and risk assessment costs as well as how this would differ between various providers.
- Whether the MLD5 definition of "virtual currencies" encompasses all three types of cryptoassets identified by the Cryptoassets Taskforce, (exchange tokens, security tokens and utility tokens), or whether the definition needs to be amended to capture all three. The consultation also questions whether some assets are likely to be considered a virtual currency or cryptoasset which would fall within the MLD5 definition, but not within the Taskforce’s categories.
- MLD5 defines a custodian wallet provider as “an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies”. The consultation asks whether the MLD5 definition needs to be amended in order to capture the three types of cryptoassets (as previously mentioned). Further, the consultation asks whether there are wallet services providers which fall outside the MLD5 definition, but should come within the UK’s regime. The FCA has previously mentioned including non-custodial wallets. This has proven to be a controversial suggestion, due to the practical problems involved in implementation. Non-custodial wallet providers provide the software and give users full control over their funds. This differs from custodial wallets where the private keys for controlling the coins are kept on servers of a third party company. Therefore, imposing an obligation on non-custodial wallet providers to carry out checks on users and monitor transactions, when the provider only provides the software, will pose many practical problems.
- The regulation of privacy coins is also discussed in the consultation. Privacy coins employ a number of techniques to give users true anonymity and privacy. This is different to other tokens which are inherently public, for example the bitcoin blockchain, where once a wallet address can be linked to a user, all the transaction history becomes public. Due to this inherent anonymity, the trading and exchange of privacy coins may require different restrictions. HMT asks what approach the UK should consider taking to address the risks posed by privacy coins. It also asks how CDD obligations should apply in this area.
What happens now?
The consultation closes on 10 June 2019.
The government will also consult this year to consider the regulatory perimeter in relation to security and utility tokens, and to further explore whether and how exchange tokens and related firms could be regulated beyond the AML/CTF proposals outlined in the consultation.
If you want to take advantage of blockchain's huge potential and disruptive impact, while avoiding falling foul of ever-developing regulatory and legal requirements, visit our Hogan Lovells Engage Blockchain Toolkit.
For more news and analysis that is tailored to you, as well as access to Hogan Lovells' cutting-edge interactive Lawtech tools, register for free on Engage.
You can also keep track of all the Engage content by following our LinkedIn page.